Prevent back button after logout

Problem description

I don't want the user to go back to secured pages by clicking the back button after logging out. In my logout code, I am unsetting the sessions and redirecting to the login page. But, I think the browser is caching the page so it becomes visible despite the session being destroyed from logout.

I am able to avoid this by not allowing the browser to cache

header("Cache-Control: no-cache, no-store, must-revalidate");

But this way I am losing the advantage of browser caching.

Please suggest a better way of achieving this. I feel there must be a way of handling this with JavaScript on the client side.

Recommended answer

Implement this in PHP and not javascript.

At the top of each page, check to see if the user is logged in. If not, they should be redirected to a login page:

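<?php
      session_start(); // resume the session so $_SESSION is populated
      if (!isset($_SESSION['logged_in'])) {
          header("Location: login.php");
          exit; // stop here so the protected page is not rendered after the redirect
      }
?>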

As you mentioned, on logout, simply unset the logged_in session variable, and destroy the session:

<?php
      session_start(); // the session must be active before it can be destroyed
      unset($_SESSION['logged_in']);
      session_destroy();
?>

If the user clicks back now, no logged_in session variable will be available, and the page will not load.
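
An added example, not code from the question or the answer: a hypothetical `auth_guard.php` that combines the server-side session check above with `no-store` headers sent only on protected pages, so images, CSS and scripts served elsewhere keep their normal caching. The file name and the functions `require_login()` and `logout()` are assumptions made for illustration.

```php
<?php
// auth_guard.php (hypothetical file name): added example, not the answer's code.

// Call at the top of every protected page, before any output is sent.
function require_login(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Sent for protected HTML only. Static assets are not routed through this
    // function, so the browser can still cache them as usual.
    header('Cache-Control: no-store, no-cache, must-revalidate, private');
    header('Pragma: no-cache');
    header('Expires: 0');

    // The authoritative check: without a valid session the page is never rendered.
    if (empty($_SESSION['logged_in'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
}

// Call from the logout script.
function logout(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the session data held in memory for this request.
    $_SESSION = [];

    // Expire the session cookie so the browser stops sending the old session id.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Remove the session data stored on the server.
    session_destroy();

    header('Location: ' . $loginUrl, true, 302);
    exit;
}
```

A protected page would start with `require 'auth_guard.php'; require_login();` and the logout script would call `logout();`.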
